Re: Feedback on IPFW

[Peter Lukas <plukas () oss uswest net>]

I've used it for minimal host protection across a number of systems. While
it certainly does not replace a gateway firewall, it's come in quite handy
in a pinch or in areas where gateway firewalls and/or router ACL's aren't
practical (or available). Here's a 2-second pre-coffee list of pros and
cons.

Pros:
* Stable
* Modestly efficient.
* Relatively stateful.
* Fairly simple to set up.
* Akin to Cisco ACL so even Router Jocks can deal with it.

Cons:
* Development may not be as prolific as in the past.
* Painful when managed by multiple individuals that don't communicate. ;-)

Of course, my bias stems from experiences using it at the host level
where the potential for operator error can have astronomical consequences.
If you're stuck with boot-camp or maveric sysadmins, be sure you've got a
working console connection (and a healthy outlet for rage)! :-)

Peter

On Mon, 7 Jan 2002, Ripper Roo wrote:

> Hello,
>
> I am currently evaluating FreeBSD(4.4)/IPFW and would like to receive
> feedback from experimented users, so good news and bad news are very
> welcomed.
>
> Thanks,
>
> --Ripper
>
> _________________________________________________________________
> Join the world?s largest e-mail service with MSN Hotmail.
> http://www.hotmail.com
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://list.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards